2008.03.16

Very simple NAT set-up on Debian

Many people ask me how to set up network address translation (NAT), aka. IP masquerading on a Debian (Etch) box. There are different ways of doing this, but this just works(tm).

You need to know (1) which interface is connected to your ISP, (2) which interface is connected to your LAN and (3) the IP address of your ISPs gateway. Edit /etc/network/if-up.d/iptables (the file probably does not exist), and enter the following:

You will need to modify to use the correct gateway address (no, that is *not* my ISPs gateway address, I made it up randomly). You may also need to swap eth0 and eth1 unless you have eth0 connected to your ISP.

This script will only set up what is necessary to enable NAT and to provide some rudimentary security. You will want to modify this script to provide other rules as well, to suit your own requirements.

You are done. Your Debian box can now act as a gateway to the Internet for other computers on your LAN, at least once they are configured to use the Debian box as their default gateway.